InMotion Hosting Support Center

Defending against WordPress xmlrpc attacks

Category: Server Usage

InMotionFans
n/a Points
Asked:
2014-08-27 4:14 pm EST

Hits: 1,123
Hi, I have my own sites as well as a lot of my clients' sites on inMotion and I'd like your opinion.
I have seen .htaccess rules protecting against xmlrpc attacks using...

Redirect 301 /xmlrpc.php http://127.0.0.1

This reflects attacks back to the offender.
I've also seen...

<Files "xmlrpc.php">
Order allow,deny
Deny from all
</Files>

Which will just plain deny access to the file.

Does inMotion have a preference? Is one easier on cpu bandwidth than the other?

Thanks!


OTHER ANSWERS

0

JeffMa
Staff
11,186 Points
2014-08-27 5:15 pm EST
The solution is entirely up to you but in most cases. Personally, I recommend denying access to the file completely instead of the redirect but either way will be perfectly fine.


Would the redirect raise a flag with whoever is hosting the attacker?

I have a client (here on IM) that has been hit hard from an Amazon (AWS) IP address. It would be so cool to be able to use the attacker's attacks against themselves.
kdawes01
39 Points
2014-08-27 5:37 pm EST
Hello Kdawes01,

It is possible, but the host would need to be aware of the issue. Many of the attacks are done through automation and use a variety of IP addresses, so it may not even look like an attack from those who monitor.

Regards,
Arnel C.
Arn
42,432 Points
Staff
2014-08-27 5:45 pm EST
There should be a plugin for this also: Remove XMLRPC Pingback Ping
Terrabyte
73 Points
2014-08-28 1:15 am EST
Revisiting this question... I've had a client (here on IM) that I've used the "deny" method and under an xmlrpc attack resource usage has still gone through the roof (over 2000% !!!) and brought the site to a crawl.
Would the redirect method (or some other method) use fewer resources?
kdawes01
39 Points
2014-11-07 2:09 pm EST
0

TJEdens
Staff
10,077 Points
2014-11-07 2:46 pm EST
Hello Kdawes01,

Using the .htaccess block would help lower the account's resource usage. There are other things you can do as well. I would recommend that your client send an email to our support team and ask for an account review.

Kindest Regards,
TJ Edens
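
A check for the situation raised in this thread (high usage even with a rule in place), added here as an example and not part of the original posts: it tallies the status codes that xmlrpc.php requests actually received, per client IP, so you can see whether the deny rule (403) or the redirect rule (301) is answering them. It assumes Apache "combined" log format; the sample lines are constructed and the function names are hypothetical.

```python
import posixpath
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic;
# the IPs come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Nov/2014:14:01:02 -0500] "POST /xmlrpc.php HTTP/1.0" 403 214 "-" "Mozilla/4.0"
203.0.113.7 - - [07/Nov/2014:14:01:02 -0500] "POST /xmlrpc.php HTTP/1.0" 403 214 "-" "Mozilla/4.0"
198.51.100.23 - - [07/Nov/2014:14:01:03 -0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [07/Nov/2014:14:01:04 -0500] "POST /blog/xmlrpc.php?rsd HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [07/Nov/2014:14:01:05 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [07/Nov/2014:14:01:06 -0500] "GET /xmlrpc.php HTTP/1.1" 301 232 "-" "-"
this line is malformed and must be skipped
"""

# client IP, identd, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# 403 is what the <Files> deny rule returns, 301 what the Redirect rule returns.
RULE_STATUSES = {"403", "301"}


def xmlrpc_hits(log_text):
    """Return {client_ip: Counter({status: count})} for xmlrpc.php requests."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string
        # <Files> matches on the file name, so compare the basename only.
        if posixpath.basename(path) == "xmlrpc.php":
            hits[ip][status] += 1
    return dict(hits)


def not_covered(hits):
    """IPs that received an xmlrpc.php response from neither rule."""
    return sorted(ip for ip, c in hits.items() if set(c) - RULE_STATUSES)


if __name__ == "__main__":
    hits = xmlrpc_hits(SAMPLE_LOG)
    for ip, counts in sorted(hits.items(), key=lambda kv: -sum(kv[1].values())):
        print(ip, dict(counts))
    print("answered by neither rule:", not_covered(hits))
```

Any IP listed as answered by neither rule received something other than 403 or 301 for xmlrpc.php, which means the .htaccess rule did not apply to that request.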
